User CAS DAG For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy Each CAS determines.

Presentation transcript:

User, CAS, DAG (MBX-A, MBX-B), Layer 4 LB. For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy. Each CAS determines the right end point for the traffic, and so all sessions – regardless of where they started – end up in the same place.

MBX CAS Load balancer HTTP proxy IIS DB Protocol head Local proxy request SITE BOUNDARY MBX CAS Load balancer IIS HTTP proxy DB Protocol head OWA cross-site redirect request Cross-site proxy request SITE BOUNDARY MBX DB Protocol head HTTP

Clients autodiscover.contoso.com E2010 CAS E2010 MBX E2013 CAS E2013 MBX E2010 CAS E2010 MBX DNS Internet-facing site Intranet site CAS 2010 handles request PROXY

Clients autodiscover.contoso.com E2007 CAS E2007 MBX E2013 CAS E2013 MBX E2007 CAS E2007 MBX DNS Internet-facing site Intranet site MBX 2013 handles request PROXY MBX 2013 handles request PROXY

Outlook clients Internal LB namespace E2010 CAS E2010 MBX E2013 CAS E2013 MBX E2010 CAS E2010 MBX Internet-facing site Intranet site CAS 2010 handles request PROXY The triangle (AD) Lookup SCP records in AD

Outlook clients Internal LB namespace E2007 CAS E2007 MBX E2013 CAS E2013 MBX E2007 CAS E2007 MBX Internet-facing site Intranet site Still a triangle Lookup SCP records in AD MBX 2013 handles request PROXY

mail.contoso.com E2010/E2007 MBX Internet-facing site Intranet site E2010/E2007 CAS Enable OA Client Auth: Basic IIS Auth: Clients E2013 MBX E2013 CAS Enable OA Client Auth: Basic IIS Auth: Basic E2010/E2007 MBX E2010/E2007 CAS Enable OA Client Auth: Basic IIS Auth: NTLM
1. Enable Outlook Anywhere: on intranet 2007/2010 servers.
2. Client settings: make 2007/2010 client settings the same as the 2013 server (in this case meaning OA hostname = mail.contoso.com and client auth = Basic).
3. IIS authentication methods: must include NTLM.
RPC/HTTP PROXY RPC PROXY NTLM RPC

mail.contoso.com LAYER 4 LB OWA E2010 MBX Internet-facing site E2010 CAS HTTP PROXY RPC E2013 MBX E2013 CAS Intranet site E2010 MBX E2010 CAS europe.mail.contoso.com LAYER 7 LB Auth 2013 logon page Same site proxy request HTTP PROXY Cross site proxy request RPC Auth 2010 logon page single sign on (sso) redirect!! new in CU2!

mail.contoso.com LAYER 4 LB OWA E2007 MBX Internet-facing site E2007 CAS RPC E2013 MBX E2013 CAS Intranet site E2007 MBX E2007 CAS europe.mail.contoso.com LAYER 7 LB Auth 2013 logon page Auth 2007 logon page HTTP PROXY RPC Auth 2010 logon page Legacy.mail.contoso.com LAYER 7 LB Single sign on (SSO) redirect!! New in CU2! Single sign on (SSO) redirect!! New in CU2!

mail.contoso.com LAYER 4 LB OWA E2010 MBX Internet-facing site E2010 CAS E2013 MBX E2013 CAS Intranet-facing site E2013 MBX E2013 CAS europe.mail.contoso.com LAYER 4 LB Auth 2013 logon page Single sign on (SSO) redirect!! New in CU2!

mail.contoso.com LAYER 4 LB OWA E2010 MBX Internet-facing site E2010 CAS E2013 MBX E2013 CAS Intranet-facing site E2013 MBX E2013 CAS mail.contoso.com LAYER 4 LB Auth 2013 logon page HTTP PROXY

mail.contoso.com LAYER 4 LB EAS E2010 MBX Internet-facing site E2010 CAS HTTP PROXY E2013 MBX E2013 CAS Intranet site E2010 MBX E2010 CAS europe.mail.contoso.com LAYER 7 LB Same site proxy request HTTP PROXY Cross site proxy request

mail.contoso.com LAYER 4 LB EAS Internet-facing site Intranet site E2007 MBX E2007 CAS europe.mail.contoso.com LAYER 7 LB legacy.mail.contoso.com LAYER 7 LB E2007 MBX E2007 CAS E2013 MBX E2013 CAS

mail.contoso.com LAYER 4 LB EWS E2010 MBX Internet-facing site E2010 CAS HTTP PROXY E2013 MBX E2013 CAS Intranet site E2010 MBX E2010 CAS europe.mail.contoso.com LAYER 7 LB Same site proxy request HTTP PROXY Cross site proxy request

E2007 MBX E2007 CAS E2013 MBX E2013 CAS mail.contoso.com LAYER 4 LB EWS Europe intranet-facing site E2007 MBX E2007 CAS europe.mail.contoso.com LAYER 7 LB legacy.mail.contoso.com LAYER 7 LB Internet-facing site Intranet site

User, CAS, DAG (MBX-A, MBX-B), Layer 4 LB. For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy. Each CAS determines the right end point for the traffic, and so all sessions – regardless of where they started – end up in the same place.

Layer 4 LB: User, CAS. Client makes request to FQDN: /ews/Exchange.asmx on TCP 443. LB sees: IP address/port. No SSL termination. LB forwards traffic to CAS with no idea of final URL. So how do we pick a CAS when there are several, or determine the health of a CAS?

Layer 4 LB: User, CAS (OWA, ECP, EWS, EAS, OAB, AutoD, RPC); mail.contoso.com, autodiscover.contoso.com, mail.contoso.com/rpc. If you can test the health of a Vdir on CAS to determine overall server health – which one(s) would you pick? Result: At layer four – with one namespace – health is per server, NOT per protocol.

Layer 7 LB: User, CAS (OWA, ECP, EWS, EAS, OAB, AutoD, RPC); mail.contoso.com, autodiscover.contoso.com, mail.contoso.com/rpc, mail.contoso.com/owa. SSL termination at the load balancer reveals the full URL. Result: At layer seven – with one namespace – health is per protocol.

Layer 4 LB: User, CAS (OWA, ECP, EWS, EAS, OAB, AutoD, RPC); mail.contoso.com, autodiscover.contoso.com, rpc.contoso.com, owa.contoso.com, ews.contoso.com, oab.contoso.com, eas.contoso.com, ecp.contoso.com. The destination IP implies the full URL. Result: At layer four – with multiple namespaces – health is per protocol.

Functionality / Simplicity / Target Audience. Trade-offs:
+ Simple, fast, no affinity LB; + Single, unified namespace; + Minimal networking skillset; - Per server availability
+ Simple, fast, no affinity LB; + Per protocol availability; - One namespace per protocol
+ Per protocol availability; + Single, unified namespace; - SSL LB; - Requires increased networking skillset
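
The three health-check results above, modelled as an added example that is not part of the original presentation. The server names (CAS1, CAS2), the mode names, the function names and the choice of OWA as the single layer 4 probe are assumptions made for illustration.

```python
# Constructed model: each CAS has one health flag per protocol (virtual directory).
PROTOCOLS = ("owa", "ecp", "ews", "eas", "oab", "rpc")

def make_pool(broken):
    """broken: set of (server, protocol) pairs whose vdir is failing."""
    return {s: {p: (s, p) not in broken for p in PROTOCOLS}
            for s in ("CAS1", "CAS2")}

def targets(pool, mode, protocol, probe="owa"):
    """Servers the load balancer keeps in rotation for `protocol` traffic."""
    if mode == "l4-single":
        # One namespace, no SSL termination: the LB cannot see the URL,
        # so a single probed vdir decides for the whole server.
        return sorted(s for s, h in pool.items() if h[probe])
    if mode in ("l4-multi", "l7"):
        # L7 reads the path after SSL termination; L4 with one namespace per
        # protocol infers it from the destination IP. Health is per protocol.
        return sorted(s for s, h in pool.items() if h[protocol])
    raise ValueError(f"unknown mode: {mode}")

def misrouted(pool, mode, protocol, probe="owa"):
    """Servers still receiving traffic for a protocol they cannot serve."""
    return [s for s in targets(pool, mode, protocol, probe)
            if not pool[s][protocol]]

def wasted(pool, mode, protocol, probe="owa"):
    """Servers pulled from rotation although they could serve the protocol."""
    live = targets(pool, mode, protocol, probe)
    return sorted(s for s, h in pool.items() if h[protocol] and s not in live)

if __name__ == "__main__":
    ews_down = make_pool({("CAS1", "ews")})   # EWS fails, probed OWA is fine
    owa_down = make_pool({("CAS1", "owa")})   # probed OWA fails, EWS is fine
    for mode in ("l4-single", "l4-multi", "l7"):
        print(mode,
              "misrouted EWS:", misrouted(ews_down, mode, "ews"),
              "wasted EWS capacity:", wasted(owa_down, mode, "ews"))
```

With a single layer 4 namespace the model shows both failure modes of per-server health: a broken unprobed protocol keeps receiving traffic, and a broken probed protocol removes a server that could still serve everything else.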

Layer 4 LB: User, CAS. Client makes request. LB sees: IP address/port. No SSL termination. LB forwards traffic to CAS. Is this not a packet filtering device?